logjam – WindowsTechs.com

How to PoC the CVE-2015-4000 logjam vulnerability

Posted on August 24, 2022 by ethicalhacker

I ran testssl.sh on a server and can see that it is vulenrable to logjam.
Now I am interested in doing a PoC to validate the server is exploitable to this vulenrability.
I searched through google but most articles explain the vulnerability… Continue reading How to PoC the CVE-2015-4000 logjam vulnerability→

“Log4Shell” Java vulnerability – how to safeguard your servers

Posted on December 10, 2021 by Paul Ducklin

Just when you thought it was safe to relax for the weekend… a critical bug showed up in Apache’s Log4j product Continue reading “Log4Shell” Java vulnerability – how to safeguard your servers→

Command to check a website is vulnerable to Logjam

Posted on October 21, 2019 by Panadol Chong

I am referring this post https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ and trying to see a website is vulnerable to Logjam or not.

I try with www.google.com:443 but I am getting Server Temp Key: X25519, 253 b… Continue reading Command to check a website is vulnerable to Logjam→

Setup Wireshark to decrypt TLS_DHE

Posted on March 26, 2018 by Sirt

I have a passively sniffed traffic dump of client/server were packets are encrypted with cipher suite

Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)

With a Logjam attack I managed to find the DH private key.

H… Continue reading Setup Wireshark to decrypt TLS_DHE→

Google to Enforce HSTS on TLDs it Operates

Posted on September 28, 2017 by Michael Mimoso

Google, through Google Domains, operates many TLDs, and this week said it would begin enforcing HSTS on those TLDs. HSTS forces secure client connections over HTTPS. Continue reading Google to Enforce HSTS on TLDs it Operates→

Logjam definition question

Posted on July 3, 2017 by Wealot

As I understand it, the Logjam TLS attack is an attack that downgrades the DHE cipher suite used by the server to DHE_EXPORT. Where the client thinks it is talking DHE 512 and the server things it’s talking DHE_EXPORT (which … Continue reading Logjam definition question→

Why is Mozilla recommending predefined DHE groups?

Posted on January 30, 2017 by willwill

In a revision dated 2016-10-31, Mozilla changed their Server Side TLS recommendation from generating a random DH group to the ones published in RFC 7919. Mozilla claims:

These groups are audited and may be more resistant … Continue reading Why is Mozilla recommending predefined DHE groups?→

Export-Grade Crypto Patching Improves

Posted on August 3, 2016 by Michael Mimoso

A Black Hat talk this week is expected to take a deep dive into the ramifications of lingering support for export-grade cryptography and how patching levels are proceeding. Continue reading Export-Grade Crypto Patching Improves→

How can a RSA-2048 certificate be vulnerable to logjam attack? [duplicate]

Posted on February 1, 2016 by gunnar247

Most likely I am missing some fundamentals: Our web servers are secured with TLS encryption. We use RSA-2048 bit certificates. The logjam attack targets the DH algorithm. How can our web servers be vulnerable to the logjam attack? Is a com… Continue reading How can a RSA-2048 certificate be vulnerable to logjam attack? [duplicate]→